[DEV] Fix permission issue with dev workflow. (#1033)
* [DEV] Fix permission issue with dev workflow. The nginx backend was hitting permission-denied errors because the permissions of the html files were too restrictive. Moreover, those files were added to the docker image, whereas they could simply be mounted, as is done for other services. * Fix Kubernetes integration test Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
parent
7488206195
commit
b264e63235
|
@ -1,4 +0,0 @@
|
||||||
FROM nginx:alpine
|
|
||||||
|
|
||||||
ADD html /usr/share/nginx/html
|
|
||||||
ADD nginx.conf /etc/nginx/nginx.conf
|
|
|
@ -1,8 +1,7 @@
|
||||||
version: '3'
|
version: '3'
|
||||||
services:
|
services:
|
||||||
nginx-backend:
|
nginx-backend:
|
||||||
build:
|
image: nginx:alpine
|
||||||
context: ./example/compose/nginx/backend
|
|
||||||
labels:
|
labels:
|
||||||
- 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # Traefik 1.x
|
- 'traefik.frontend.rule=Host:home.example.com,public.example.com,secure.example.com,admin.example.com,singlefactor.example.com' # Traefik 1.x
|
||||||
- 'traefik.frontend.auth.forward.address=https://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 1.x
|
- 'traefik.frontend.auth.forward.address=https://authelia-backend:9091/api/verify?rd=https://login.example.com:8080/' # Traefik 1.x
|
||||||
|
@ -17,5 +16,8 @@ services:
|
||||||
- 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true' # Traefik 2.x
|
- 'traefik.http.middlewares.authelia.forwardauth.tls.insecureSkipVerify=true' # Traefik 2.x
|
||||||
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # Traefik 2.x
|
- 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true' # Traefik 2.x
|
||||||
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' # Traefik 2.x
|
- 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups' # Traefik 2.x
|
||||||
|
volumes:
|
||||||
|
- ./example/compose/nginx/backend/html:/usr/share/nginx/html
|
||||||
|
- ./example/compose/nginx/backend/nginx.conf:/etc/nginx/nginx.conf
|
||||||
networks:
|
networks:
|
||||||
- authelianet
|
- authelianet
|
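Review bot: The two bind mounts added under `volumes:` for nginx-backend are writable from inside the container, although nginx only needs to read the HTML tree and its configuration. Mounting them read-only keeps a process in the container from modifying files in the working tree: `- ./example/compose/nginx/backend/html:/usr/share/nginx/html:ro` and `- ./example/compose/nginx/backend/nginx.conf:/etc/nginx/nginx.conf:ro`. The service definition may continue outside this hunk.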
0
internal/suites/example/compose/nginx/backend/html/admin/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/admin/secret.html
Normal file → Executable file
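Review bot: Switching this file from normal to executable grants more than nginx needs, since serving static content requires only read access to the file and search access to its directories. Git records just the executable bit, so read access for the container's nginx user presumably still depends on the umask in effect at checkout, and the permission-denied error may return on a host with a restrictive umask. Consider keeping the files non-executable and having the dev setup run `chmod -R a+rX` on the mounted html directory instead. The same applies to the other html files and `icon.png` that this commit changes to executable.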
0
internal/suites/example/compose/nginx/backend/html/dev/groups/admin/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/dev/groups/admin/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/dev/groups/dev/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/dev/groups/dev/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/dev/users/bob/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/dev/users/bob/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/dev/users/harry/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/dev/users/harry/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/dev/users/john/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/dev/users/john/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/home/index.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/home/index.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/icon.png
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/icon.png
Normal file → Executable file
Before Width: | Height: | Size: 1.4 KiB After Width: | Height: | Size: 1.4 KiB |
0
internal/suites/example/compose/nginx/backend/html/mail/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/mail/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/public/index.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/public/index.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/public/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/public/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/secure/index.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/secure/index.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/secure/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/secure/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/singlefactor/secret.html
Normal file → Executable file
0
internal/suites/example/compose/nginx/backend/html/singlefactor/secret.html
Normal file → Executable file
|
@ -18,10 +18,32 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- name: test-app
|
- name: test-app
|
||||||
imagePullPolicy: Never
|
image: nginx:alpine
|
||||||
image: nginx-backend
|
command: ["/entrypoint.sh"]
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 80
|
- containerPort: 80
|
||||||
|
volumeMounts:
|
||||||
|
- name: config-volume
|
||||||
|
mountPath: /entrypoint.sh
|
||||||
|
subPath: entrypoint.sh
|
||||||
|
- name: config-volume
|
||||||
|
mountPath: /etc/nginx/nginx.conf
|
||||||
|
subPath: nginx.conf
|
||||||
|
- name: config-volume
|
||||||
|
mountPath: /tmp/html.tar.gz
|
||||||
|
subPath: html.tar.gz
|
||||||
|
volumes:
|
||||||
|
- name: config-volume
|
||||||
|
configMap:
|
||||||
|
name: nginx-config
|
||||||
|
items:
|
||||||
|
- key: entrypoint.sh
|
||||||
|
path: entrypoint.sh
|
||||||
|
mode: 0755
|
||||||
|
- key: nginx.conf
|
||||||
|
path: nginx.conf
|
||||||
|
- key: html.tar.gz
|
||||||
|
path: html.tar.gz
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
|
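Review bot: `image: nginx:alpine` is a floating tag, and `imagePullPolicy: Never` is no longer set on the new side as rendered here. The test pod would therefore pull whatever that tag points to at run time instead of using an image loaded into the cluster. Pinning a specific release or digest, e.g. `image: nginx:<pinned-version>-alpine`, keeps the integration test reproducible and avoids running unreviewed upstream changes; the same tag is introduced for nginx-backend in the compose file. A comment above `command: ["/entrypoint.sh"]` would also help, such as `# entrypoint.sh, nginx.conf and html.tar.gz come from the nginx-config ConfigMap created in start_apps()`.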
5
internal/suites/example/kube/apps/configs/entrypoint.sh
Normal file
5
internal/suites/example/kube/apps/configs/entrypoint.sh
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
rm -rf /usr/share/nginx/html && \
|
||||||
|
tar xfz /tmp/html.tar.gz -C /usr/share/nginx/ && \
|
||||||
|
nginx "-g daemon off;"
|
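Review bot: The final command starts nginx as a child of the `sh` process, so the shell stays PID 1 in the container and a termination signal sent to the pod may not reach nginx. Replacing the process with `exec nginx -g 'daemon off;'` lets nginx receive the signal directly, and passing `-g` and its value as separate arguments is the documented form. A `set -e` line after the shebang would make the `&& \` chaining unnecessary. A one-line header comment such as `# Unpacks the test site from /tmp/html.tar.gz and runs nginx in the foreground` would explain why the html directory is deleted first.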
BIN
internal/suites/example/kube/apps/configs/html.tar.gz
Normal file
BIN
internal/suites/example/kube/apps/configs/html.tar.gz
Normal file
Binary file not shown.
51
internal/suites/example/kube/apps/configs/nginx.conf
Normal file
51
internal/suites/example/kube/apps/configs/nginx.conf
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
worker_processes 1;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
http {
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
root /usr/share/nginx/html/home;
|
||||||
|
server_name home.example.com;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
root /usr/share/nginx/html/public;
|
||||||
|
server_name public.example.com;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
root /usr/share/nginx/html/secure;
|
||||||
|
server_name secure.example.com;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
root /usr/share/nginx/html/admin;
|
||||||
|
server_name admin.example.com;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
root /usr/share/nginx/html/dev;
|
||||||
|
server_name dev.example.com;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
root /usr/share/nginx/html/mail;
|
||||||
|
server_name mx1.mail.example.com mx2.mail.example.com;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
root /usr/share/nginx/html/singlefactor;
|
||||||
|
server_name singlefactor.example.com;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
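Review bot: None of the `server` blocks is marked `default_server`, so a request whose Host header matches no `server_name` is answered by the first block and served from `/usr/share/nginx/html/home`. For a backend used to test access control it is safer for unknown hosts to get nothing, e.g. a first block `server { listen 80 default_server; return 444; }`, provided no test depends on the fallback. The `http` block also has no `include /etc/nginx/mime.types;`, so responses fall back to nginx's default content type.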
|
@ -3,6 +3,7 @@
|
||||||
start_apps() {
|
start_apps() {
|
||||||
# Create TLS certificate and key for HTTPS termination
|
# Create TLS certificate and key for HTTPS termination
|
||||||
kubectl create secret generic test-app-tls --namespace=authelia --from-file=apps/ssl/server.key --from-file=apps/ssl/server.cert
|
kubectl create secret generic test-app-tls --namespace=authelia --from-file=apps/ssl/server.key --from-file=apps/ssl/server.cert
|
||||||
|
kubectl create configmap nginx-config --namespace=authelia --from-file=apps/configs/entrypoint.sh --from-file=apps/configs/nginx.conf --from-file=apps/configs/html.tar.gz
|
||||||
|
|
||||||
# Spawn the applications
|
# Spawn the applications
|
||||||
kubectl apply -f apps
|
kubectl apply -f apps
|
||||||
|
|
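Review bot: `--from-file=apps/configs/html.tar.gz` loads a binary archive that is committed separately from the html tree it is presumably packed from, so the two can drift apart and the archive's contents cannot be inspected in review. Building the archive from the html directory inside `start_apps()` just before this `kubectl create configmap` call would keep a single source of truth. A comment above the line, e.g. `# Ship the nginx entrypoint, config and site content to the test-app pod`, would match the comments on the neighbouring steps. `start_apps()` continues outside the hunk.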
|
@ -22,11 +22,6 @@ func init() {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
cmd = utils.Shell("docker build -t nginx-backend internal/suites/example/compose/nginx/backend")
|
|
||||||
if err := cmd.Run(); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
exists, err := kind.ClusterExists()
|
exists, err := kind.ClusterExists()
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -115,7 +110,7 @@ func init() {
|
||||||
|
|
||||||
func loadDockerImages() error {
|
func loadDockerImages() error {
|
||||||
kind := Kind{}
|
kind := Kind{}
|
||||||
images := []string{"authelia:dist", "nginx-backend"}
|
images := []string{"authelia:dist"}
|
||||||
|
|
||||||
for _, image := range images {
|
for _, image := range images {
|
||||||
err := kind.LoadImage(image)
|
err := kind.LoadImage(image)
|
||||||
|
|